Re: Can nat (inside) 0 coexist with nat 1 (inside) ???
I have heard that ! Our cisco support ( third party not cisco directly) said it`s a good practice to use the static cmd if you don`t want to nat. But it is getting very confusing when you don`t want a nat any interface of the pix. You get a lot of static statement and I lose track! Don`t forget that global cmd is a pool of address so it is hard to track if you get a complaine that someone in your network hack another compagny on internet....That why we don`t want to nat
I like my nat 0 with an access-list more easy to maintaint and easy to understand. And Cisco dont describe static cmd as a nat 0 but as a way to allow lower sec to higer sec interface access.
One last thing you might confirm a bit off the track::
My vpn need to go to the outside so security should allow it OK
But my vpn need also to go inside so the security don't allow it OK i need an acl.
I notice that as soon as I put an acl to allow vpn to inside a lose my outside access. The acl deny it. It seem that the security principle are non existants as soon as you add an acl on a interface. Is that make sense???
I am a bit stuck since the only way my vpn to allow both interfaces is to make a acl with a permit any any since I don`t know where on internet the vpn will go! There sould be a better way to do it ???
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in HA
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationCo...
I am currently unable to specify "crypto keyring" command when configuring VPN connection on my cisco 2901 router.
The following licenses have been activated on my router :